It’s a common refrain from our security clients: “our systems and processes are more about convenience than compliance”. (This is a direct quote from one them). Well of course they are. Most of your systems (and even more of your processes) were probably developed before the current set of laws and standards came into force. The […]

Once upon a time security was an afterthought. And the security profession tried to convince everyone that building security in from the start was cheaper, easier and more effective. Ok, increased prototyping costs, but then, prototyping without understanding the impact of security might be claimed to be somewhat pointless. Then DevSecOps appeared. (Yes, Gartner has […]